ABSTRACT


Information Systems have a need for a level of security to protect the data when being
transmitted from one user to another. This thesis points out a method of protecting data
utilizing an end-to-end level of security. The idea is grounded in looking at the
advantages provided with the Public Key Infrastructure applied to add a level of
authenticity to the data on the receiving end of a transmission. The focus of this thesis is
protecting data transmitted across the Internet via e-mail using end-to-end security.

This thesis proves that applying PKI as data protection to the Information System
Application Layer can be used to provide secure end-to-end connections and e-mail is the
tool chosen for this thesis to accomplish this goal. The scope of this thesis is to identify
authentic and/or confidential communication of data across an Internetwork. The
variables to discuss are the ability to digitally sign and secure the data with the digital
signature, establishing a connection to an unregulated network, and confirmation of
delivery of the data by an alternate user computer. This thesis will focus on using a public
key signature and point out how this provides authenticity, with a bonus inclusion of
integrity.

EXECUTIVE SUMMARY


Information Systems have a need for a level of security to protect data during
transmission  from  one  user  to  another.  This  thesis  points  out  a  method  of  protecting  data 
utilizing  an  end-to-end  level  of  security.  The  idea  is  grounded  in  looking  at  the 
advantages  provided  with  the  Public  Key  Infrastructure  applied  to  add  a  level  of 
authenticity  to  the  data  on  the  receiving  end  of  a  transmission.  The  focus  of  this  thesis  is 
protecting  data  transmitted  across  the  Internet  via  e-mail  using  end-to-end  security. 

Public  Safety  staffs  (federal,  state  and  local  law  enforcement,  as  well  as  fire  and 
emergency  medical  service  personnel)  are  currently  unable  to  communicate  or  send 
information  to  each  other  over  the  Internet  using  wireless  technology  efficiently  during 
crisis  situations.  During  times  of  crisis,  public  safety  organizations  need  the  ability  to 
transfer  data/information,  which  includes  the  location  of  assets,  to  a  central  command 
organization  for  strategic  purposes  in  an  efficient  manner.  For  purposes  of  this  thesis, 
information  security  via  authentication  is  of  prime  importance. 

This  thesis  proves  that  applying  PKI  as  data  protection  to  the  Information  System 
Application  Layer  can  be  used  to  provide  secure  end-to-end  connections  and  e-mail  is  the 
tool  chosen  for  this  thesis  to  accomplish  this  goal.  The  scope  of  this  thesis  is  to  identify 
authentic  and/or  confidential  communication  of  data  across  an  Internetwork.  The 
variables  to  discuss  are  the  ability  to  digitally  sign  and  secure  the  data  with  the  digital 
signature,  establishing  a  connection  to  an  unregulated  network,  and  confirmation  of 
delivery  of  the  data  by  an  alternate  user  computer. 

This thesis will focus on using a public key signature and point out how this provides
authenticity, with a bonus inclusion of integrity. When the information is received,
how  the  information  was  compromised  or  the  legitimacy  of  the  source  is  not  a  concern 
because  the  design  will  prevent  receipt  of  the  message. 

I. INTRODUCTION AND PROBLEM STATEMENT


A. INTRODUCTION

Information  Systems  have  a  need  for  a  level  of  security  to  protect  the  data  during 
transmission  from  one  user  to  another.  This  thesis  intends  to  point  out  a  method  of 
protecting  data  utilizing  an  end-to-end  level  of  security.  The  idea  is  grounded  in  looking 
at  the  advantages  provided  with  the  Public  Key  Infrastructure  (PKI)  applied  to  add  a  level 
of  authenticity  to  the  data  on  the  receiving  end  of  a  transmission.  Protecting  data 
transmitted  across  the  Internet  via  e-mail  using  end-to-end  security  is  the  focus  of  this 
thesis. 

Public  Safety  staffs  (federal,  state  and  local  law  enforcement,  as  well  as  fire  and 
emergency  medical  service  personnel)  currently  are  unable  to  communicate  or  send 
information  efficiently  during  crisis  situations  over  the  Internet  using  wireless 
technology.  While  there  are  many  reasons  for  the  inability  to  communicate  efficiently, 
one  study  cites  turf  battles,  lack  of  funding  and  political  will  for  the  development  of 
shared  radio  communications  systems,  lack  of  common  standards,  and  shortfalls  in 
spectrum  available  for  public  safety  as  reasons  for  this  lack  of  ability  to  share 
(SAFECOM  Baseline  Survey,  2006)  and  this  idea  is  backed  up  by  various  papers  and 
studies  (Schumacher,  2009;  Miller,  Granato,  Feuerstein  &  Ruffino,  2005).  During  times 
of  crisis,  public  safety  organizations  need  the  ability  to  transfer  data/information,  which 
includes  the  location  of  assets,  to  a  central  command  organization  for  strategic  purposes 
in  an  efficient  manner.  For  purposes  of  this  thesis,  information  security  via  authentication 
is  of  prime  importance. 

Since our most recent national attack requiring cross communications between
law enforcement, fire and emergency medical services personnel on September 11, 2001,
several committees, working groups, and standards committees have been formed to
study how information sharing can take place. SAFECOM has taken the lead in setting
the standards and creating a snapshot of the capacity and use of interoperability for first
responders. Unfortunately, SAFECOM has maintained a focus only on voice
communications interoperability. SAFECOM’s interoperability focus would be quite
beneficial if there were more of a focus on the Information System interoperability
because more end systems would be better able to work together regardless of the type of
communication system; either voice or data communication systems. The intent of this
thesis is to examine one tool that is available for remote assets to use when
communicating with crises command centers.

A review of the basic use of computers and application systems is important
before engaging in the discussion of security of information transmission among public
safety personnel. This thesis will start with pointing out computer and operating system
exchange, components of the Information System interoperability.

Harris (2005) provides the history and overview of computer systems,
applications, and security. The book outlines the complications of systems security
because: “Applications and computer systems are usually developed for functionality
first, not security first. To get the best of both worlds, security and functionality would
have to be designed and developed at the same time” (p. 809). Therefore, a system
developer needs to include security requirements and functional requirements to ensure
the computer system can safely perform the tasks it is created to accomplish. Likewise, a
computer system must be developed with the ability to be monitored while functioning as
designed.

Information Systems need to communicate freely, but they also have the need for
sense, decide, and act nodes that can act independently while being monitored. There
also exists a need for the system to maintain a level of security. Until recently, just
providing perimeter devices, such as firewalls, intrusion detection systems (IDSs),
sensors, and vulnerability scanners, was considered enough protection. Harris (2005)
also identifies reasons for supporting such types of security ideas, but the one discussed
in this thesis is Public Key Infrastructure and how it relates to authenticity because, “In
the past, it was not crucial to implement security during the software development stages;
thus, many programmers do not practice these procedures” (p. 810).

Therefore, the aforementioned challenges force a designer to ask, “Where is the
best  place  to  apply  the  security  feature?”  rather  than,  “How  can  this  whole  infrastructure 
remain  protected?”  In  the  development  of  an  information  system,  Harris  (2005)  points 
out:  “Security  is  most  effective  if  it  is  planned  and  managed  throughout  the  life  cycle  of  a 
system  or  application,  versus  applying  a  third-party  package  as  a  front  end  at  the  end  after 
the  development.  Many  security  risks,  analyses,  and  events  occur  during  a  product’s 
lifetime,  and  these  issues  should  be  dealt  with  from  the  initial  planning  stage  and 
continue through the design, coding, implementation, and operational stages” (p. 832).
Although  software  development  is  not  the  central  focus  of  this  study,  it  is  an  important 
feature  to  consider  when  a  system  or  application  is  developed.  This  ensures  that  all 
applications  will  be  compatible. 

B. THESIS GOAL

The goal of this thesis is to prove that applying PKI as data protection to the
Information System Application Layer can provide secure end-to-end connections, and
e-mail is the tool chosen for this thesis to accomplish this goal.

The  use  of  PKI  can  be  applied  at  any  level  but  that  is  beyond  the  scope  of  this 
thesis.  The  focus  of  this  thesis  is  end-to-end  security  using  PKI  as  a  solution  to  the 
authenticity  security  issue. 

C.  SECURITY  DEFINITIONS 

In order to identify what concepts are being described, it is important to know
the key terms being discussed. The following definitions are taken from
RFC 2828, which provides a foundation for information systems terms usage:

•  authenticity:  The  property  of  being  genuine,  verifiable  and  trustworthy. 

•  confidentiality:  information  is  not  made  available  or  disclosed  to 
unauthorized  individuals. 

•  integrity:  The  property  that  data  has  not  been  changed,  destroyed,  or  lost 
in  an  unauthorized  or  accidental  manner. 

This thesis will focus on using a public key signature and point out how this provides
authenticity, with a bonus inclusion of integrity. When the information is received,
how the information was compromised or the legitimacy of the source is not a concern
because the design will prevent receipt of the message.

D. RESEARCH QUESTIONS

The  scope  of  this  thesis  is  to  identify  authentic  and/or  confidential  communication 
of  data  across  an  Internetwork.  The  variables  to  discuss  are  the  ability  to  digitally  sign 
and  secure  the  data  with  the  digital  signature,  establishing  a  connection  to  an  unregulated 
network,  and  confirmation  of  delivery  of  the  data  by  an  alternate  user  computer. 

Beyond  the  scope  of  this  thesis  are  the  communications  interoperability, 
networking  technology,  and  data  fusion  into  information.  All  of  these  are  important 
features,  but  beyond  the  scope  of  this  thesis. 

Information  communicated  over  the  Internet  can  be  by  voice  or  data 
communications.  Either  can  be  sent  across  the  Internet  via  Internet  Protocol  packet.  The 
assertion  made  in  the  thesis  can  be  applied  to  either  communication.  This  thesis  only 
concerns  itself  with  the  end-to-end  securing  of  the  data  over  the  Internet. 

E.  MEASURABLE  SUCCESS  GOAL 

The  method  designed  for  this  thesis  demonstrates  the  ability  to  securely  transmit 
information  using  existing  wireless  devices  and  technology,  thus  protecting  data  from 
being  exposed  while  being  transmitted  from  sender  to  receiver.  This  process  allows  for 
the  data  to  have  an  end-to-end  level  of  security.  Therefore,  the  success  metric  is  achieved 
by  identifying  where  the  data  is  no  longer  in  a  protected  form. 

F. THESIS QUESTIONS

The questions to be addressed are:

1. Can First Responders use PKI to provide security for information that
comes from a sensing tool that is transmitted across the Internet via
wireless means?

2.  Does  it  have  value? 

3.  If  it  has  value,  then  to  whom? 

G.  BACKGROUND  FOR  STUDY 

For some years, NPS Information Technology Management Department
personnel engaged in communication with the Monterey County Law Enforcement and
Fire Department to discuss the use of Information Technology tools to improve the
efficiency/effectiveness of their responses to crisis management situations. Rex
Buddenberg presented an overview of these conversations, as well as previous research
projects undertaken for this partnership to our class. His previous work contributed to the
idea to study how one tool, a tracking system (sensor), would be advantageous to the
local Monterey fire department, a public safety organization and the testers of the theory
proposed in the thesis.

Common  security  approaches  usually  incorporate  the  security  of  the  sensors  used 
on  the  network  by  creating  a  completely  separate  network.  This  approach  is  not  the  most 
efficient  when  the  same  desired  result  can  be  accomplished  by  providing  end-to-end 
security  over  the  existing  Internet  utilizing  proper  security  protocols.  In  the  case  of  this 
thesis,  the  idea  that  end-to-end  security  can  be  accomplished  is  presented  with  the  use  of 
PKI. 

H. THESIS ORGANIZATION


Chapter  I  provides  a  brief  overview  of  the  study’s  purpose  and  a  listing  of  the 
original  set  of  study  questions  for  the  thesis.  Chapter  II  reviews  the  literature  delineating 
the  extent  and  practicality  of  using  such  a  component  in  the  development  of  the 
architecture  of  a  network.  This  will  provide  the  basis  for  why  using  PKI  in  development 
of  the  network  architecture  is  important  from  various  security  points  of  view.  Chapter  III 
details  the  research  methodology  used  in  the  study.  Chapter  IV  provides  the  findings  of 
the  study  and  explains  how  everything  works  together.  Chapter  V  provides  conclusions 
and  recommendations  for  use  of  this  study  for  future  research. 

II. RELATED WORK


A. INFORMATION TRANSMISSION

Traditionally, information was transferred orally from person to person or from
one person to many via public meetings or settings. As society expanded, and with the
advent of mail service, printed/written words were used to communicate out to
individuals or the masses. Information that was confidential in nature was sent via private
messenger or some secure means. Sometimes, upon delivery of that information, the
messenger was killed. This act assured the sender that the message and its contents
remained confidential (i.e., dead men tell no tales).

Today,  information  in  our  society  is  transmitted  in  many  forms,  including  the  use 
of  large  and  small  electronic  devices.  Communication  transmissions  have  evolved  from 
words  on  paper  to  electrons  passing  data  from  person  to  person,  device  to  device.  The 
Internet  was  developed  for  this  purpose.  Initially,  security  was  not  an  issue  because  only 
those  with  reception  devices  could  obtain  the  messages.  The  first  users  of  the  Internet 
were  agencies  within  the  DoD  (ARPANET).  They  used  it  as  a  means  of  transmitting  data 
from  one  point  to  another.  With  technological  improvements  and  the  availability  of 
electronic  transmission  to  anyone  with  the  hardware  to  transmit  (via  landlines  or 
wirelessly),  security  of  transmissions  via  the  Internet  has  become  very  important. 

B. SECURING DATA

A discussion of ways to secure data is necessary before moving forward.

1. Physical security. Access can be limited to electronic information by
physically separating the information from any other interested party via
barriers such as locks, walls and doors. Information can also be protected
by other safety mechanisms such as fire extinguishers and alarm devices
to indicate if the information is in possible danger.

2. Network security. The information can receive an individual section of
protection as it passes down the layers of information structuring. These
layers include the Application Layer, Transport Layer, Network Layer,
and Data Link Layer. Each step can provide another layer of electronic
security while information travels on the designated network.

For  the  purposes  of  this  thesis,  an  Application  Layer  of  security  is  applied  over 
the  network  and  all  other  forms  of  security  are  ignored. 

C.  USING  PKI 

PKI is an infrastructure for providing key pairs. A key pair provides only the user
with a private key and authentically advertises the user’s public key. PKI utilizes RSA,
which allows the PKI to be practically useful. RSA (named for the inventors, Rivest,
Shamir and Adleman) is a cryptography procedure that capitalizes on the large-prime
factorization problem and allows for the separation of keys into public and private (the
asymmetric part) ones. RSA allows the user to digitally sign an object with a private key
and anyone to test the validity of that signature with the signer’s public key. PKI provides the
proper keys in the appropriate places to do RSA, thereby guaranteeing authenticity is
always achieved through a required digital signature.

A case where emergency services require only authenticity is own-position
reporting. Confidentiality may be an issue for some police services trying to maintain a
low profile; otherwise, just maintaining the authenticity remains the priority. In order to
uphold this concept, the user has to have the PKI to hold up the RSA digital signature
process. The same PKI holds up the encryption process, so that requirement is delivered for
free.

Determining how to develop the network infrastructure consisting of a trusted
environment can be very confusing. The network infrastructure can either be
developed by the network developers or outsourced to a more established organization
to monitor and maintain this setup. The pros versus the cons are pointed out by
Newman (2001) and the bottom line establishes that it is a matter of trust as to who is to
develop, monitor and maintain the certificates in the infrastructure. The keys must be
maintained, and one way to do so is a hierarchical design, as follows (Figure 1).


Figure 1. Depiction of a Root Certificate Authority (From Newman, 2001)


Figure 1 demonstrates how a key certification process is maintained using a
top-down infrastructure. This setup designates a top level designator of the key generations
used in the PKI for the organization. The alternate method is a mesh organization, as
shown in Figure 2.


Figure  2.  Depiction  of  a  Mesh  Certificate  Authority  (From  Newman,  2001) 

In Figure 2, the keys are shared among a group of authorities and this design can
allow for a back-up of the way the system is maintained, but control over the dominant
station controlling the certificates used to establish keys is not as well maintained. As
with the question as to who is maintaining and monitoring the infrastructure, control of
who is responsible becomes the main concern and can lead to a definite bias towards the
Root Certificate Authority (CA), which maintains control by providing keys and
certificates from a single source.

The  projected  end  state  for  this  study  is  the  determination  that  a  PKI  can  assist  in 
the  development  of  an  information  system  and  not  conflict  with  the  interoperability  of  the 
components  connected  to  the  network  where  the  information  system  resides.  PKI  is  an 
established,  available  system  and  this  study  has  a  goal  of  demonstrating  the  value  that  can 
be  added  when  incorporating  this  type  of  security  with  an  interoperable  system.  The 
explanation  as  to  how  to  implement  a  PKI  will  be  examined  and  explained.  Finally,  a 
simple  demonstration  will  be  set  up  to  demonstrate  how  the  confidentiality,  integrity,  and 
authenticity  of  an  information  system  have  value  added  with  a  PKI. 

When  using  cryptography  to  protect  information,  the  sender  cannot  deny  sending 
the  information  and  the  receiver  has  a  valid  reason  to  believe  that  the  information 
originated from the listed sender. The process of encryption is a process of using
designated values to encode information from both the user and sender; these values are
known as keys. Information that has been encoded can be translated using the key that
was provided for the now encrypted information.

The public key cryptography algorithms and implementations live in protocols
like S/MIME (which pretty much come automatically in your operating system
distribution these days). But the public key INFRASTRUCTURE is not; you need the
actual key pairs to make the crypto algorithms work. In DoD, the local PKI artifact lives
in your CAC, not your computer’s OS.

Public Key Cryptography is the use of an asymmetric algorithm to create a public
and private key pair, perform a key exchange or agreement, and generate and verify
digital signatures. PKI utilizes the assumption that the identity of one end user can be
verified through a “certificate” by a certificate authority and uses the
asymmetric algorithm (Public Key Cryptography) to carry out the key exchange. The
certificates are generated and maintained by those that can identify users, thus allowing
for encrypted communication and authentication between users as stated by Harris
(2005).

So,  if  the  idea  is  appealing,  the  next  step  is  to  gain  a  certificate  for  use.  As 
previously  mentioned,  there  are  two  ways  to  go  about  maintaining  a  PKI  for  an 
information  system,  either  by  home  grown  development  or  by  outsourcing  to  established 
certificate  authority  organizations.  Before  assuming  PKI  is  the  solution  to  all  security 
related  problems,  Schneier  (2000)  reminds  security  personnel  that,  “Long  keys  don’t 
make  up  for  an  insecure  system  because  total  security  is  weaker  than  the  weakest 
component in the system.” Therefore, overall security must be accounted for, and all eggs
should not be placed in one PKI basket. Continuing with the development of a Public Key
Infrastructure, the process can be achieved by reviewing Network Working Group
Request for Comments (RFC) 4158, which provides guidance for developing a public
key certification path within a given application.

D. THE TEST UNDERSTANDING

This test looks at the requirements for an accurate First Responder Information
System. The current requirements only involve similar communication bands of
frequencies to be able to share information. Telling another user a location such as, “I’m
in the bathroom” or “I’m in the master bedroom” does have validity in telling the
other user where the first is located. The case reviewed here looks at that idea from a
slightly more specific point of view.

The Merriam-Webster dictionary defines accuracy as follows (Merriam Webster, n.d.):

1. freedom from mistake or error: correctness

2. a. conformity to truth or to a standard or model: exactness

b. degree of conformity of a measure to a standard or a true value:
precision

The definition that best applies in the case presented is one of being free from
mistake or error. Using a computer Information System to accurately identify the correct
sender of the information can be expanded to the idea that the correct information has
been transmitted and not that which might be generated from another user. The test case
used the digital signature to ensure this idea and the test concerns of validity are proven
with that information.

III. HOW TRANSMISSION WORKS IN THIS THESIS


A. E-MAIL

Electronic mail is the universal method of transmitting information across the
Internet. Since it is widely available and accepted as a form of information transfer,
e-mail has been used as the communications means in this study. It has the following
available protocols and standards:

i.) Simple Mail Transfer Protocol (SMTP) specifies the handling of e-mail
and it specifies the format for the e-mail message header. The specifics for the protocol,
as outlined in RFC 822, do not specify the requirements of the message body itself.

ii.) Multipurpose Internet Mail Extension (MIME) supplements SMTP by
articulating the body parts of a message. Now there is an identifiable object so data
security measures (sign, crypt) can be applied to it.

iii.) Secure Multipurpose Internet Mail Extension (S/MIME) is a standard for
signing/encrypting electronic mail parts. Taking a step backwards, the Multipurpose
Internet e-Mail Extension (MIME) is simply a specification that indicates how
multimedia data and e-mail body portions of the message are to be transferred by
dictating the encapsulation of the data for processing. Secure MIME is just an extension
of the encapsulation process that will be understood by the networking protocols allowing
for the e-mail to be encrypted in the process. S/MIME provides confidentiality through
the user’s encryption algorithm, integrity through the user’s hashing algorithm, and
authentication through the use of public key certificates through cryptographically signed
message digests (Harris, 2005, p. 663).

IV. RESEARCH METHODOLOGY


A. PRACTICAL USAGE

Getting the security set up is now overviewed with a few guides towards creating
an original PKI certificate authority; the other option is to purchase a certificate from
Verisign, Entrust, GlobalSign or any other certificate monitoring authority. For a fee,
someone else can maintain the certificates and ensure all required updates and
requirements are up to date.

This idea will be demonstrated by developing a simple blue force tracker and
transmitting the information over the Internet using a secure means. This provides the
example that the process is quite simple.

This task will be accomplished using a Garmin Global Positioning System (GPS)
receiver, a laptop, an Internet capable cell phone, and an automatic e-mail system
utilizing Microsoft Outlook to send the information from the GPS receiver.

B.  DESIGN  AND  IMPLEMENTATION 

The tools for demonstrating a simple solution were selected based upon a
first responder in need of transmitting information from an end system to the base
monitoring location, keeping in mind that the goal of sending this information was to not
be  extremely  complicated  and  difficult  to  implement.  The  information  could  include  data 
regarding  location,  equipment  needs,  observations  made,  anything  considered  vital  to  the 
current  environment  and  operation. 

The  first  tool  selected  was  the  Garmin  GPS  receiver  so  that  location  information 
could  be  sent  to  a  monitoring  station  as  a  baseline  for  the  type  of  information  to  be 
transmitted.  Since  the  unit  was  only  a  receiver,  the  data  collected  by  the  receiver  needed 
to  be  saved  on  a  computer,  from  which  the  saved  information  could  be  transmitted  to  the 
monitoring  station.  In  order  to  accomplish  this  task,  a  laptop  running  Microsoft 
Windows  was  utilized  while  running  the  Garmin  GPS  location  software,  which  was 
downloaded from the Garmin Web site (www.garmin.com). This same software was
loaded  onto  a  stationary  desktop  computer  so  that  the  updates  could  be  received  and  the 
data  could  be  displayed  as  the  updates  came  in  from  the  laptop  computer.  A  temporary 
certificate  was  requested  from  VeriSign  so  that  there  was  a  certificate  loaded  on  to  the 
laptop’s  version  of  Microsoft  Outlook,  and  therefore  could  be  verified  by  the  monitoring 
computer.  The  actual  data  from  the  GPS  receiver  had  to  be  set  up  to  be  saved 
automatically  in  a  fixed  interval  of  time  and  then  e-mailed  to  the  receiving  computer. 

The  information  from  the  laptop  computer  was  initially  sent  to  the  second 
computer via a non-automated process. Automation of the process is possible with such
script writing programs as Macro Scheduler, a Microsoft Windows based script editor. In
the Linux environment, various open sourced script editing programs (such as Script
Editor 3.0) can be utilized to automate this process.
A basic depiction of the test scenarios was in accordance with Figure 3.


Figure  3.  Testing  Example  Diagram 
A random location with Internet access was chosen, and the coordinates were saved in
the file location on the laptop computer. That information was then digitally signed using
the security feature on the laptop’s Microsoft Office Outlook computer program, and then
transmitted to the secondary computer. This information was transmitted and then
received by the secondary computer.

Figure 4 displays that the two computers are connected to the Internet and
transmitting information between one another via the Internet. The different systems that
can possibly make up the cloud of the Internet, which connects the two separate
networks, demonstrate the Internet’s interoperability capability.

The other members on the Internet have no need to be specified as being on the
local network, just having an established Internet connection. The idea that two User
Agents can talk to one another along a common infrastructure is easy to understand.
Information on the Internet can be transmitted from one User Agent to another because
the architecture that comprises the Internet is already established. The required
information is the source and destination addresses, which determine where the information
came from and where it is going, and the Internet protocols work out the rest by binding the
system together.

The authenticity of the information is not dependent on the originating location of
the information or where it is being sent. The validation information can be various other
applications that simply feed into the way the information is securely transmitted -
simply another program on the computer. The data to be transmitted stands by itself and
only needs a vessel to encapsulate it as a form of protection. In this case, the end user
program is Microsoft Office Outlook, which uses the digital signature to provide
authenticity. Authenticity of the data is an end-to-end function and should not depend on
any bit-hauling infrastructure.
Figure 4. GPS Data Flow Chart

C. DEPLOYMENT AND TESTING

The actual testing of the developed system worked quite effectively for such a
rudimentary design. The end result was the information being transmitted from the
traveling laptop computer to a stationary computer using a Verizon cell phone as the
laptop’s modem.

The results demonstrate that using one User Agent attached to any connection
node on an inter-networked system can properly communicate the intended information
to another User Agent through another inter-networked system securely. The preferred
standards for protecting the information to be stored are required to be specific to the end
system, because the data is the only part that needs the security protection across the
inter-networked Information Systems.

Here the test involved using GPS information and the Microsoft Office Outlook
computer program as a means to provide an easy to follow example. Any other data
transfer program can be inserted to provide for similar results because how the
information can be transmitted is not important. For this test, the information was saved
from one file, attached to an e-mail document, digitally signed, sent, received,
downloaded and resaved on a second computer by an individual user. Where the users
were connected to the Internet was of no importance because the different local area
networks used the Internet Protocol to traverse across different connected networks,
again demonstrating the option of using the Internet as the interoperable network of
networks as a means to connect different users together.

The  use  of  a  GPS  sensor  accomplished  two  tasks  as  the  data  is  passed  from  the 
laptop  user  to  the  other.  First,  because  of  GPS  technology,  data  from  the  location  of  the 
sensor  provides  a  very  accurate  or  precise  set  of  coordinates  as  to  the  location  of  the  user 
using  this  end  system.  Second,  the  digital  signature  provides  for  integrity  of  the 
information  originating  from  the  desired  source  when  received  by  the  second  user. 

The  following  is  the  specific  setup  of  the  experiment. 
D. SETUP

A User Agent was established with a laptop computer. The User Agent’s purpose
was to roam while sending out information of interest about itself (the User Agent). The
information about the User Agent was the GPS information file that was stored on the
laptop. The location of the User Agent is updated continuously, therefore a save interval
of the information had to be established. An update period of once every
minute was established. The most recent GPS location was stored in a file directory and
could be exported as desired by the User Agent.

E. E-MAIL SETUP

Microsoft Outlook was chosen to be the information export device because of its
versatility for use with all types of e-mail programs. An e-mail address for sending the
information was chosen, “SenderBlackmonThesis@Gmail.com”, and set up for use with
the Microsoft Outlook program. A Google Mail (Gmail) account was chosen due to the
fee requirements of setting up a Microsoft Hotmail account with Microsoft Outlook. A
simple yet strong password was established as “JbB2009!” so that the account could be
monitored as needed. In the Gmail account, certain settings had to be changed so that it
would work properly with Microsoft Outlook. Under the Forwarding and POP/IMAP tab
in the settings menu, IMAP had to be enabled in order to be able to synchronize with the
Microsoft Outlook Application.

Figure 5. Screen Shot of Google Gmail Account Registration. (From Google, 2009)


Now that the Google Mail account was set up, the other part of the User Agent
had to be set up so that the laptop could access this account and use the Microsoft
Outlook application. In the Microsoft Outlook application, a new address had to be
added, which is easily done using the Microsoft Add E-mail Accounts wizard.

Figure 6. Screen Capture of the New Address is to be Added to the Microsoft Office
Account List. (From Microsoft, 2009)

Figure 7. The IMAP server type is selected for real-time updates of the messaged
information that will pass from the Outlook program on the laptop
to the receiving address. (From Microsoft, 2009)

Figure 8. The account is now put into Outlook and can be acknowledged to synchronize
with Google mail when running. (From Microsoft, 2009)
Figure 9. Final registration setup screen. After the accounts are approved, the Finish button
allows for the finalization of the account to be added for use with Outlook.
(From Microsoft, 2009)

F.  SENDING/RECEIVING  E-MAIL  MESSAGES 

The next stage is to automate the sending process. The ability to send
information was developed over several stages. The stages were as follows:

1) Send e-mail to a predetermined address automatically

2) Send e-mail with an attachment to a predetermined address automatically

3) Exporting the data file from the GPS nRoute software

4) Receive e-mail automatically

5) Download attachment from received e-mail automatically

6) Importing the GPS data file from the e-mail

The send e-mail feature was pursued with the help of using Visual Studio and
programming in the Visual Basic computer programming language. This language was
chosen for its close association with Microsoft Outlook since macro (in-house automated)
programs can be developed using the Visual Basic editor built in to the Microsoft
Outlook program.

The  sending  of  the  information  using  Visual  Basic  was  chosen  because  of  the 
concept  that  the  programming  language  would  be  easily  able  to  draft  and  send  the 
required  information  from  the  intended  User  Agent  with  little  difficulty  of  interaction 
with  the  Microsoft  Office  Software.  The  actual  development  of  the  Visual  Basic  program 
was  broken  down  into  smaller  parts.  The  sections  of  development  were  to  1)  create  a 
program  to  send  e-mails  using  Microsoft  Outlook  and  2)  attach  a  program  to  the  e-mail 
being  sent.  The  original  program  of  sending  the  e-mail  was  developed  using  a  form  with 
a  button  that  utilized  the  following  code; 

    Imports System.IO
    Imports System.Collections
    Imports Microsoft.VisualBasic
    Imports System.Net.Mail
    Imports Microsoft

    'Click handler for the send button on the form
    Private Sub Email_Btn_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Email_Btn.Click

        'Create OL App object
        Dim objOLApp As Object
        Dim objMsg As Object

        Dim strRecipient As String = "SenderBlackmonThesis@Gmail.com"
        Dim strSubj As String = "temp"
        Dim strBody As String = "test to send"

        objOLApp = CreateObject("Outlook.Application")
        If objOLApp Is Nothing Then
            MessageBox.Show("Could not create OL App. Shutting Down")
            Exit Sub
        End If

        'Create a new mail item (0 = olMailItem)
        objMsg = objOLApp.CreateItem(0)
        If objMsg Is Nothing Then
            MessageBox.Show("Could not create Mail Item. Shutting Down")
            Exit Sub
        End If

        'attach each file attachment
        '(filename is the String declared by the Dim line shown after this listing)
        objMsg.Attachments.Add(filename)

        'Set basic message parameters
        objMsg.To = strRecipient
        objMsg.Subject = strSubj
        objMsg.Body = strBody

        'Send the message
        objMsg.Send()

        'Free up the space
        objOLApp = Nothing
        objMsg = Nothing

    End Sub

As soon as the sending of the e-mail was proven possible with the above code, the
following line was added just after the strBody variable was declared:

    Dim filename As String = "c:\Documents and Settings\Jason\My Documents\thesis\update.gdb"

And the following line was added to attach the file after the create new mail item line was
added:

    'attach each file attachment
    objMsg.Attachments.Add(filename)

The code searched through and sent the information as desired.


The next step was to automate the process of sending the information. This was
accomplished with the assistance of a macro builder program called MacroMaker, which
is developed by ARM Software and can be downloaded from the Web site
http://members.ij.net/anthonymathews/macromaker.htm. After it was downloaded and
installed, Figure 10 displays what the Web site looked like:


Figure  10.  MacroMaker  file  setup  screen.  (From  MacroMaker,  2009) 

The original program to send files was named Export File and the commands
according to MacroMaker were as follows:

- SET FOREGROUND(Start Button)
- SET FOCUS(Start Button)
- MOVE MOUSE POINTER(REL/WIN: 6963,31538)
- LEFT BUTTON DOWN
- LEFT BUTTON UP


The above commands executed the automated sending of the e-mail, and with the
help of the scheduler feature of the MacroMaker program, the e-mails could be sent
automatically in one minute intervals. If any type of delay was required, a DELAY
command is easily inserted with the intended delayed amount of time input in
milliseconds.

Next,  the  process  of  automatically  exporting  the  data  to  be  sent  needed  to  be 
mastered.  This  was  accomplished  in  the  Export  File  program  with  several  commands 
input  into  the  Macro  body.  The  commands  utilized: 

- RUN(C:\Garmin\nRoute\nRoute.exe)
- SET FOREGROUND(nRoute)
- SET FOCUS(nRoute)
- DELAY 2000 millisecond(s)
- CTRL(Down)
- eE(Down)
- eE(Up)
- CTRL(Up)
- uU(Down)
- uU(Up)
- pP(Down)
- pP(Up)
- dD(Down)
- dD(Up)
- aA(Down)
- aA(Up)
- tT(Down)
- tT(Up)
- RETURN(Down)
- RETURN(Up)


These commands allowed for the file export function to be called in the nRoute
GPS tracking software and saved to a file named update, which was automatically saved
as a Garmin gdb file type. The process of sending the information was now a matter
of running the created macro program, and the e-mails get automatically sent from the
intended information supplier.

The next step in this process is the receiving of the information. The first step is
determining how often updates are desired, and in the case of this example a five minute
update time was implemented in Figure 11 with the Send/Receive -> Send/Receive
Settings menu in Outlook:

Figure 11. Timer setup for accounts. (From Microsoft, 2009)


A  receive  e-mail  account  was  set  up  with  the  following  e-mail  address, 
ReceiverBlackmonThesis@Gmail.com.  The  password  for  this  address  is  the  same  as  the 
sender  address  to  keep  down  complexity.  The  receive  macro  was  developed  in  a  similar 
fashion  to  the  sender  macro.  This  macro  was  broken  down  into  two  parts,  the  download 
file  part  and  the  import  file  to  nRoute  part. 

The download from file part was conducted using the MacroMaker program and
various mouse clicks at various relative locations on the open Outlook window. The
following commands are how the file is downloaded:

- DELAY 300000 millisecond(s)
- SET FOREGROUND(Inbox - Microsoft Outlook)
- SET FOCUS(Inbox - Microsoft Outlook)
- MOVE MOUSE POINTER(REL/WIN: 4351,25872)
- LEFT BUTTON DOWN
- LEFT BUTTON UP
- MOVE MOUSE POINTER(REL/WIN: 3788,25940)
- LEFT BUTTON DOWN
- LEFT BUTTON UP
- MOVE MOUSE POINTER(REL/WIN: 17510,14677)
- LEFT BUTTON DOWN
- LEFT BUTTON UP
- MOVE MOUSE POINTER(REL/WIN: 31385,14335)
- RIGHT BUTTON DOWN
- RIGHT BUTTON UP
- MOVE MOUSE POINTER(REL/WIN: 32101,18022)
- LEFT BUTTON DOWN
- LEFT BUTTON UP
- WAIT FOR WINDOW(Save Attachment)
- MOVE MOUSE POINTER(REL/WIN: 4351,25872)
- LEFT BUTTON DOWN
- LEFT BUTTON UP
- LEFT BUTTON DOWN
- LEFT BUTTON UP
- RETURN(Down)
- RETURN(Up)

The second part of the command lines for the program are to import the
downloaded file into a running nRoute GPS monitoring window that will provide updates
to the ‘update.gdb’ file every five minutes.

- SET FOREGROUND(nRoute)
- SET FOCUS(nRoute)
- CTRL(Down)
- iI(Down)
- iI(Up)
- CTRL(Up)
- uU(Down)
- uU(Up)
- pP(Down)
- pP(Up)
- dD(Down)
- dD(Up)
- aA(Down)
- aA(Up)
- tT(Down)
- tT(Up)
- eE(Down)
- eE(Up)
- .>(Down)
- .>(Up)
- gG(Down)
- gG(Up)
- dD(Down)
- dD(Up)
- bB(Down)
- bB(Up)
- RETURN(Down)
- RETURN(Up)


The  command  to  run  this  macro  is  triggered  every  minute  with  a  three-hundred 
thousand  millisecond  (5  min)  delay.  Now  the  most  recent  updates  of  a  GPS  position  as 
sent  by  the  receiver  can  be  received  and  viewed  by  the  monitoring  (receiving)  secondary 
station. 


G.  THE  TEST 

Now  the  guts  behind  what  is  making  the  program  run  have  been  revealed  and 
must  be  put  into  action  for  demonstration.  On  Thursday,  April  14,  2009,  the  laptop  was 
placed  in  a  car  and  driven  around  the  local  Monterey  area  with  the  Garmin  GPS  receiver 
with  nRoute  monitoring  software  running,  Microsoft  Office  running,  the  send  e-mail 
Visual  Basic  program  running,  and  the  Export  File  macro  running  as  well.  The 
information was saved and recorded. If an Internet connection was not available, the
e-mail was sent into the Outlook Outbox folder, and as soon as an Internet connection was
re-established, the folder downloaded the file.

Because of the frustration of waiting for the laptop computer to re-establish a
network connection, another alternative was sought out. A Verizon cellular phone with mobile
broadband access to the Internet was utilized. This was accomplished using the Verizon
wireless VZAccess Manager software. This allowed for the laptop User Agent to utilize
the 3G capabilities with the Verizon EVDO Internet capabilities.

Figure 12. Verizon modem software connection screen display.
(From Verizon Wireless, 2009)

Figure 13. Verizon VZAccess Manager specifications. (From Verizon Wireless, 2009)


The  simple  idea  of  plugging  in  the  laptop  computer  to  a  cellular  phone  with 
Internet  capability  to  act  as  a  modem  provided  a  simple  solution  to  the  complex  idea  of 
keeping  the  User  Agent  in  constant  contact  with  the  extremely  powerful  Internet. 

When the course was completed and the updates were sent via the laptop User
Agent to the monitoring User Agent, update.gdb files followed the transmission path as
in Figure 4, going from the GPS receiver to the laptop computer; saved to the file;
attached to the e-mail; authenticated using PKI; transmitted via the cellular phone
modem; traveled across the Internet; received by the monitoring location; verified
authentication by the receiving station; opened and viewed by the receiving station. The
test metric was successfully proven because the data transmitted successfully from end to
end. The data is unprotected on the ends of the transmission (on the transmitting laptop
and the monitoring station) but protected once transmitted in the e-mail format. Anyone
that wants to interfere with the transmission of the data in the middle cannot do so
because that is where the protection is located, with a security “bubble” around the data.

A  very  noteworthy  point  is  even  though  the  signal  was  not  consistent  throughout 
the  sending  of  the  location  data,  the  security  was  not  compromised  because  it  was 
protected  before  transmission  and  had  the  protection  removed  by  the  receiving  computer. 
This  security  concept  is  applicable  for  any  WIFI  or  EVDO  wireless  transmitted  computer 
because  only  the  end  users  can  strip  away  the  security  around  the  data. 
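
The sign-on-the-laptop, verify-at-the-monitoring-station step that Outlook performs in this test can be reproduced with the OpenSSL command line; the script below is an added example, not part of the thesis. It assumes the `openssl` tool is installed, uses self-signed certificates as stand-ins for the temporary VeriSign certificate, and every file name, identity and coordinate in it is constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Added example (not from the thesis): S/MIME sign on the roaming laptop,
# verify on the monitoring station. All names and data are constructed.

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_identity NAME: self-signed certificate and key, standing in for the
# CA-issued certificate that was loaded into the sender's mail client.
make_identity() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$1/emailAddress=$1@example.test" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" >/dev/null 2>&1
}

# sign_update NAME INFILE OUTFILE: sender side. Writes a clear-signed
# multipart/signed MIME message, the packaging an S/MIME mail client emits.
sign_update() {
    openssl smime -sign -text -in "$2" \
        -signer "$WORK/$1.crt" -inkey "$WORK/$1.key" \
        -out "$3" >/dev/null 2>&1
}

# verify_update TRUSTED_NAME MESSAGE OUTFILE: receiver side. OUTFILE appears
# only if the signature is valid AND the signer chains to the one certificate
# the monitoring station trusts; otherwise nothing is handed on for import.
verify_update() {
    local tmp="$3.unverified"
    if openssl smime -verify -text -in "$2" \
            -CAfile "$WORK/$1.crt" -out "$tmp" >/dev/null 2>&1; then
        mv "$tmp" "$3"
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# tamper_in_transit MESSAGE OUTFILE: simulates a relay between the two
# User Agents changing one digit of the latitude inside the message.
tamper_in_transit() {
    sed 's/36\.6002/36\.7002/' "$1" > "$2"
}

run_demo() {
    make_identity sender && make_identity impostor || return 1

    # Constructed position update (plain text stands in for update.gdb).
    printf 'unit=laptop-1\nlat=36.6002\nlon=-121.8947\n' > "$WORK/update.txt"

    sign_update sender "$WORK/update.txt" "$WORK/genuine.eml"
    tamper_in_transit "$WORK/genuine.eml" "$WORK/tampered.eml"
    sign_update impostor "$WORK/update.txt" "$WORK/forged.eml"

    # The station trusts only the sender's certificate.
    for m in genuine tampered forged; do
        if verify_update sender "$WORK/$m.eml" "$WORK/$m.out"; then
            echo "$m: accepted for import"
        else
            echo "$m: rejected"
        fi
    done
}

run_demo
```

The signature makes a change in transit detectable at the receiving end and ties the update to the sender's key; it does not hide the coordinates from anyone who can read the message, which would additionally require S/MIME encryption.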

V. FINDINGS


The results indicate that using one User Agent attached to any connection node on an
inter-networked system can communicate the intended information to another User Agent
through another inter-networked system properly and securely. The preferred standards
for protecting the information to be stored must be specific to the end system, because
the data is the only part requiring security protection across the inter-networked
Information Systems.

The validity of the test, the purpose behind this thesis, was proved successful
because the transmission of data was successful across the Internet utilizing the
transmission flow in Figure 4. The use of secure e-mail eliminates users’ concerns and
minimizes the exposure of unprotected data within the Operating System in the end
systems.

There was difficulty developing the system due to a lack of familiarity with
Visual Basic, and a script editor was used to help in the automation
of the process. Trial and error was involved in the development of the system. After the
initial programming bugs were resolved, the network capability was confirmed and later tests
were successful. Ultimately, Microsoft Outlook was the e-mail application tool chosen
based upon its availability and certificate incorporation ability.

However,  potential  drawbacks  still  existed.  Such  drawbacks  included  the 
possibility  of  being  hacked  and  keeping  the  computer  safe  from  outside  sources  was  still 
a  definite  concern.  Therefore,  a  non-Hotmail  e-mail  account  was  designed  because  a 
connection  fee  was  required  to  establish  a  Microsoft  Outlook — Hotmail  account 
connection  for  any  Hotmail  account  developed  after  2004.  This  fee  was  removed  after 
the  test  in  September  2009. 

In the end, the following research questions were answered: 1.) Can First
Responders use PKI to provide security for information that comes from a sensing tool
that is transmitted across the Internet via wireless means? 2.) Does it have value? 3.) If it
has value, then to whom? First Responders can use PKI to provide security for
information coming from a sensing tool that is transmitted across the Internet via wireless
means to a central site. Current Information Technology in use can be easily altered to
use PKI, especially if they use a VPN today. The test use case provided a visual
demonstration that this can happen. The fact that there are organizations dedicating time
and resources to enhance the capability of using PKI in mobile platforms definitely
proves that there is value in evolving the use of this possibility. In the use case section,
e-commerce, mobile platform software developers, XML communication developers, and
federal organizations all have proven interest in using PKI for more hardware and
software applications.

The test involved using GPS information and the Microsoft Office Outlook
computer program as a means to provide an easy to follow example. The method of
information transmission proved unimportant. Any other data transfer program could be
inserted to provide similar results. For this test in this thesis, the information was saved
from one file, attached to an e-mail document, digitally signed, sent, received,
downloaded and resaved on a second computer by an individual user. The users
connected to the Internet were of no importance because the different local area networks
used the Internet Protocol to traverse across different connected networks. Once again,
this demonstrates the option of using the Internet as the interoperable network of networks
as a means to connect different users together.

The use of a GPS sensor accomplished two tasks as the data is passed from the
laptop user to the other. First, because of GPS technology, data from the location of the
sensor provided dynamic information that was constantly updated by the user using this
end system, allowing for multiple updates with new information. Second, the digital
signature provides for integrity of the information originating from the desired source
when received by the second user.

This test provided a proof of concept that a simple solution to the blue force
tracker idea can be developed utilizing a Network Citizen that maintains itself in
accordance with a few basic requirements. The LAN interface presented here is the
wireless network card or the broadband wireless cell phone maintaining the laptop’s
connectivity with the Internet. The packaging interface of the information is the e-mail
MIME structure of sending information in an e-mail format from a source to its
destination. The PKI interface is determined with the Microsoft Outlook program, which
harnesses the power of using a digital signature in order to maintain confidence that the
information is arriving from a trusted source. The Quality of Service is maintained by
monitoring the network for particular hang-ups and ensuring those hang-ups don’t delay
the routing of important information. In the case of this test demonstration, this meant
using the Verizon wireless cellular phone as a modem and using the Verizon wireless broadband
Internet access instead of waiting for a random wireless network connection to be
established. The management interface is the monitoring of the updates by the
monitoring station, and a lack of timely updates can provide insight into a possible
problem with the network or User Agent active connection.

This test meets the requirements of a good network citizen and maintains a sense
of modularity with the ability to maneuver around freely and provide these GPS updates.
The basis for using this example as a model for any other system of information
sharing shows how important this test has been. The idea of stove piping an updating
system is proven unnecessary due to the simplicity of this demonstration. The User
Agent can be any information system and not remain limited to GPS receiver data
because the information in the file e-mailed can be of any type. Therefore, this test
demonstrates the ubiquity of using a similar setup for any other type of information that
has a need to be shared and monitored.

The test involved using GPS information and the Microsoft Office Outlook
computer program as a means to provide an easy to follow example. The method of
information transmission proved unimportant. Any other data transfer program could be
inserted to provide similar results. For this test in this thesis, the information was saved
from one file, attached to an e-mail document, digitally signed, sent, received,
downloaded  and  resaved  on  a  second  computer  by  an  individual  user.  The  users 
connected  to  the  Internet  were  of  no  importance  because  the  different  local  area  networks 
used  the  Internet  Protocol  to  traverse  across  different  connected  networks.  Thus,  once 
again,  demonstrating  the  option  of  using  the  Internet  as  the  interoperable  network  of 
networks  as  a  means  to  connect  different  users  together. 

The  use  of  a  GPS  sensor  accomplished  two  tasks  as  the  data  is  passed  from  the 
laptop  user  to  the  other.  First,  because  of  GPS  technology,  data  from  the  location  of  the 
sensor  provided  dynamic  information  that  was  constantly  updated  by  the  user  using  this 
end  system  allowing  for  multiple  updates  with  new  information.  Second,  the  digital 
signature  provides  for  integrity  of  the  information  originating  from  the  desired  source 
when  received  by  the  second  user. 

This  test  provided  a  proof  of  concept  that  a  simple  solution  to  the  blue  force 
tracker  idea  can  be  developed  utilizing  a  Network  Citizen  that  maintains  itself  in 
accordance  with  a  few  basic  requirements.  The  LAN  interface  presented  here  is  the 
wireless  network  card  or  the  broadband  wireless  cell  phone  maintaining  the  laptop’s 
connectivity  with  the  Internet.  The  packaging  interface  of  the  information  is  the  e-mail 
MIME  structure  of  sending  information  in  an  e-mail  format  from  a  source  to  its 
destination.  The  PKI  interface  is  determined  with  the  Microsoft  Outlook  program  which 
harnesses  the  power  of  using  a  digital  signature  in  order  to  maintain  confidence  that  the 
information is arriving from a trusted source. The Quality of Service is maintained by
monitoring the network for particular hang-ups and ensuring those hang-ups don’t delay
the routing of important information. In the case of this test demonstration, this was done by using the
Verizon wireless cellular phone as a modem and using the Verizon wireless broadband
Internet access instead of waiting for a random wireless network connection to be
established. The management interface is the monitoring of the updates by the
monitoring station, and a lack of timely updates can provide insight into a possible
problem with the network or User Agent active connection.

This test meets the requirements of a good network citizen and maintains a sense
of modularity with the ability to maneuver around freely and provide these GPS updates.
The basis for using this example as a model for any other system of information
sharing shows how important this test has been. The idea of stove piping an updating
system is proven unnecessary due to the simplicity of this demonstration. The User
Agent can be any information system and not remain limited to GPS receiver data
because the information in the file e-mailed can be of any type. Therefore, this test
demonstrates the ubiquity of using a similar setup for any other type of information that
has a need to be shared and monitored.

VI. CONCLUSIONS AND FUTURE DEVELOPMENTS


A. CONCLUSIONS

This thesis demonstrates that information can be secured with a digital signature
from end-to-end across the Internet.

a.) The type of network that was available was irrelevant, and therefore did not
impact the availability of the data during transmission. The only requirement is having a
connection to the Internet, which is accomplished using the EVDO Verizon capability.
Particularly noteworthy is that the user has no need to know anything about the type
of Internetwork except that it is connected to the Internet. With the digital signature/PKI
capability, the network can be either a hand radio or digital information and there is
assurance of content security. In the end, there is a simple solution, and that solution is
usually the correct one.

b.) In this experiment, information was sent and received using the tools provided.
For this test case, position information was the information chosen to be transmitted, but
this security procedure can apply to any case. The information does not need to be
limited to what was performed here in order to meet the security levels demonstrated
here. That is the advantage of this basic system setup.

B.  FUTURE  DEVELOPMENTS 

A simple solution exists for ensuring security capability across the Internet that
can utilize a simple solution to the authenticity of information transmitted across the
Internet. First responders should take advantage of the simple solution provided by the
current PKI capability to address security issues.

1. All end systems should only transmit data that is digitally signed. If
confidentiality is required, then the end systems should transmit data that is encrypted.
No end system should unconditionally accept data unless a valid digital signature is
detected.

2. The goal of future systems should be to move toward a similar design as
presented here. If there is a requirement for the information to be sent across the
network, investment should go toward ensuring that the protection capability meets the
simple requirements presented here. Early planning addresses many possible future
security related issues. Using this already-established security concept provides a simple
solution without complicating how to talk from end to end. The end-to-end levels of
security allow the designing/procuring of a system to have fewer issues down the line.
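
Recommendation 1 as a receiving-end check, in an added example that is not from the thesis: the sender clear-signs a position report with `openssl smime`, and the receiver releases the payload only when the signature verifies against a trusted certificate. The identities `unit1` and `rogue`, the self-signed certificates (standing in for CA-issued ones) and the sample GPS line are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the thesis): S/MIME-sign a position report and
# accept it on the receiving end only when the signature verifies.
# Names, subjects and the sample report are constructed for illustration.
WORK=$(mktemp -d)

# Key pair plus self-signed certificate, standing in for a CA-issued one.
make_identity() {  # $1 = label
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# Sender: wrap the report in a multipart/signed (clear-signed) message.
sign_report() {  # $1 = label, $2 = report file, $3 = output message
  openssl smime -sign -text -in "$2" -signer "$WORK/$1.crt" \
    -inkey "$WORK/$1.key" -out "$3" 2>/dev/null
}

# Receiver: succeed and release the payload only if the signature is valid
# and the signer chains to the trust anchor. openssl may write output before
# it reports failure, so verify into a scratch file and promote on success.
accept_report() {  # $1 = trusted cert, $2 = message, $3 = accepted file
  rm -f "$3"
  if openssl smime -verify -text -CAfile "$1" -in "$2" \
       -out "$3.tmp" >/dev/null 2>&1; then
    mv "$3.tmp" "$3"
  else
    rm -f "$3.tmp"; return 1
  fi
}

demo() {
  make_identity unit1; make_identity rogue
  printf 'unit1,2009-09-15T17:02:11Z,36.5968,-121.8743\n' > "$WORK/fix.csv"
  sign_report unit1 "$WORK/fix.csv" "$WORK/good.eml"
  # Same message with one coordinate altered in transit.
  sed 's/36\.5968/36.0000/' "$WORK/good.eml" > "$WORK/tampered.eml"
  # Same report signed by a key the receiver does not trust.
  sign_report rogue "$WORK/fix.csv" "$WORK/rogue.eml"
  for m in good tampered rogue; do
    if accept_report "$WORK/unit1.crt" "$WORK/$m.eml" "$WORK/$m.out"
    then echo "$m: accepted"; else echo "$m: rejected"; fi
  done
}
demo
```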

First  responders  have  a  need  for  information  that  contains  these  capabilities.  All 
future  systems  to  be  developed  need  to  require  digital  signatures  for  all  network 
transmissions.  The  new  focus  on  true  systems  interoperability  would  be  achieved  across 
local,  county,  state,  and  federal  lines  in  a  more  cost-effective  manner. 